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(54) Computer security device which disables a disc drive 



(57) A security device (2) for a personal computer 
comprises means (6, 8) for insertion in-line between a 
disc controller (10) and a disc drive (12), and means 
(14) to disable the disc drive (12). 

The security device (2) can be used to prevent 
boot up from a floppy disc drive whilst allowing 
access to the floppy disc drive to allow information to 
be saved on the floppy disc. It includes switches in 
control lines of one or more disc drives and Involves 
software allowing "drive 1" to be addressed as "drive 
0". 




At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy. 
The claims were filed later than the filing date within the period prescribed by Rule 25(1) of the Patents Rules 1990. 
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SECURITY DEVICE 



Field of the Invention 

The present invention relates to security devices, 
especially security devices for IBM compatible (including 
IBM) personal computers (hereinafter "PC's"). 

Background to the Invention 

Generally, a PC has at least two disc drives from which 
it can load data/software and/or to which data/ software can 
be saved* The drives generally include a hard disc, 
usually (though not necessarily) integral with the PC and 
at least one so-called "floppy" disc drive (usually for 
3 1/2 inch discs). In some PC's there is a second floppy 
disc drive (usually for 5 1/4 inch discs). The hard disc 
can be used to store software or information that is 
frequently required for the general use of the PC, while 
floppy discs can be used for temporary storage of data, for 
back-up purposes or for less frequently used programs. 

In terms of the PC's operation, the disc drives are 
allocated numbers 0 for the first floppy disc drive, 1 for 
the second floppy disc drive (which can be addressed as 
such even if it is not present) and so on up to 127. 
Numbers equal to or greater than 128 will be treated as the 
hard disc drive. 

When a PC is first switched on, its firmware (hard-wired 
logic) attempts to load a control program from the first 
disc that it can find with a suitable program. This in 
turn loads the operating system that will control the PC. 
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This procedure is known as a "boot" or "boot up". The 
firmware first tries drive 0 and, if it receives no 
suitable program, then tries the hard disc. 

In normal circumstances, when no floppy discs are present 
in the drives, the PC will select the hard disc from which 
to load its control program, A control program loaded from 
the hard disc or a subsequently loaded operating system can 
include various security features to negate or minimize the 
risk that unauthorised use will be made of the PC in order 
to, for instance, detect worms or viruses (as they have 
become known) on to the system or to prevent their being 
loaded. Many such security products are available, for 
instance the DiscLock, Immunizer and UltraMenu (all trade 
marks) products available from VISIONSOFT LIMITED of Unit 
M4, Enterprise 5, Five Lane Ends, Bradford, BD10 8BW, 
United Kingdom. 

However, because in the boot process the PC firmware 
first addresses drive 0, before the hard disc, if a floppy 
disc has been inserted into drive 0 a control program 
and/or virus can be booted up from there, effectively 
bypassing any security software on the hard disc. 
Therefore, a user can, by this technique, gain unauthorised 
access to the PC and, in certain situations, to networks 
and cause considerable damage. (Note that a PC will not 
attempt to boot up from drive 1 before the hard disc ) . 

Also, if the PC is allowed to boot from drive 0, the hard 
disc inside the PC can potentially be infected by a "boot 
sector" computer virus if one was present on the floppy 
disc. 

Prior Art Known to the Applicant 

The problem set out above has been recognised in the 
computer industry. The current solution to this problem is 
to provide a physical lock over the floppy disc drive(s) to 
prevent unauthorised use. One such product is described in 
US Patent No 4,640,106 

However, such a product has the disadvantage that, once 
locked it prevents the disc drive(s) from being used at all 
so that data cannot be saved on to a floppy disc in the 
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usual way. In most organisations this is intolerable , so 
it is necessary to have relatively easy access to keys (or 
other security releasing means) to remove the physical 
lock. This easy access to keys means that the system is 
often inherently less secure than desired. 

Furthermore, it may be possible for these known devices 
to be prised away from the floppy drives by exerting 
sufficient force. 

Summary of the Invention 

According to the present invention there is provided a 
security device for a PC, the security device comprising 
means for insertion in-line between a disc controller and a 
disc drive and means to disable the disc drive. 

Such a security device cannot be seen from the exterior 
of the PC and is, therefore, advantageous over known 
devices. Furthermore, its operation is electrical not 
physical so it provides an enhanced security system. Even 
if the PC is opened, it can be difficult to locate the 
security device. 

Preferably the disc drive is only disabled during the 
boot process. 

The disc drive can be a hard disc drive, if it is 
required to prevent access thereto, or a floppy disc drive. 
In the case of a floppy disc drive, it is preferably the 
drive 0 so that an unauthorised boot up cannot be carried 
out but the hard disc drive can be used. 

The security device preferably comprises means to switch 
the disc drive from its disabled to an enabled state in 
which access to the disc drive is permitted for the boot up 
process. The switching means preferably comprises a lock 
means • 

The security device preferably comprises means to enable 
the drive to which access is disabled to be changed to 
provide maximum flexibility. This flexibility can be 
provided by jumpers. 

The means to disable the disc drive preferably comprises 
a break in the motor enable drive 0 wire. More preferably 
the drive 1 can still be used. Most preferably the PC is 
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also supplied with software so that the drive 1 can be 
addressed as drive 0. The motor enable drive 0 and drive 1 
wires and the select drive 0 and drive 1 wires are the 
control lines. 

In a single floppy disc drive system, the disabling means 
preferably comprises the breaking of a control line to 
drive 0 and the rerouting to drive 0 control of lines 
normally going to drive 1. 

In a double floppy disc drive system, the disabling means 
preferably comprises the breaking of a control line to 
drive 0 and the maintenance of control lines to drive 1. 

Conveniently the security device is located in a cable 
between the disc controller and the disc drive. 

More preferably the security device includes connectors 
to enable it to be connected to the disc controller and the 
disc drive. 

According to the present invention, there is also 
provided in a second aspect a PC including a security 
device as set out above. 

Furthermore, according to the present invention there is 
further provided in the third aspect a kit including a 
security device as set out above and program storage means 
which can be used to load software on to the PC to allow 
the disabled drive to be addressed. 

Brief Description of the Drawings 

The invention will now be described by way of example 
only, with reference to the drawings that follow; in 
which: - 

Figure 1 is a schematic illustration of a PC. 

Figure 2 is a schematic illustration of a security device 
according to the present invention. 

Figure 3 is a schematic circuit diagram illustrating the 
mode of operation of the present invention. 

Description of the Preferred Embodiments 

Figures 2 and 3 show a security device 2 for a PC 4 
(Figure 1), the security device 2 comprising means 6, 8 to 
enable it to be inserted in-line between a disc 
controller 10 and a disc drive 12 and means 14 to disable 
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the disc drive 12, 

Referring now to Figure 1 there is shown a PC within 
which is located a security device 2 (Figures 2 and 3). 
The security device 2 is ready to be inserted between a 
disc controller 10 and a disc drive 12 (the connections of 
which are visible in Figure 2). The security device 2 is 
located in-line in the ribbon cable 16 used to connect the 
disc controller 10 to the disc drive 12, At one end of the 
ribbon cable 16 is a disc controller connector 6 and at the 
other end is a disc drive connector 8. 

In a PC the disc controller 10 can be a plug-in card or 
it can be built into the main processor board of the PC. 
This controller 10 can either be a dedicated "hard" or 
w floppy" controller or it can be capable of handling both 
devices . 

In this example, the disc drive 12 is the drive 0 and the 
disc controller 10 is appropriate for controlling drive 0. 

Of the 34 wires in the ribbon cable 16 only seven input 
wires 18A-18G and seven output wires 19A-19G are shown in 
Figure 2 and referred to in more detail below* 

The security device 2 comprises a printed circuit board 
(PCB) 20 which is represented schematically in Figure 2 
and 3. On the PCB 20 are input means 22 and output 
means 24 for the wires 18A-18G and 19A-19G respectively. 
The ways in which the wires 18, 19 are configured are 
discussed in more detail below. 

Also on the PCB 20 is a switching means 26 which itself 
is connected to a key socket 28 which can be fitted in an 
open port of the PC. The switching means 26 is a 2 pole, 
2 position switch operated by a key (not shown) in key 
socket 28. The switching means 26 has terminals 27A-27F. 
In its locked position the switching means 26 connects 
terminal 27A to terminal 27B and terminal 27D to 
terminal 27E. The unlocked second position of switching 
means 26 connects terminal 27 A to terminal 27C and 
terminal 27D to terminal 27F. Also shown on the PCB 20 
are terminals 30A-30F over which are connected a first 
jumper 32 and a second jumper 34. 
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In Figure 2 it can be seen that the output wires 19A-19G 
twist away from the device 2 to keep in line with the 
inputs . 

The configuration of the switching means 26 and of the 
jumpers 32 and 34 determines how the inputs and outputs of 
wires 18A-18G and 19A-19G respectively are connected 
together and so the state of the drive 12 as explained 
below. The seven wires 18A-18G are input wire numbers 10- 
16 inclusive on the 34 wire cable 16 as set out below in 
Table 1: 

Table 1 - Wire Designations 
Figure 2 Reference Wire Numbers Wire Designation 

(on 34 Wire Cable) 



18A 


10 


Motor enable 






drive 0 


18B 


11 


Ground 


18C 


12 


Select drive 1 


18D 


13 


Ground 


18E 


14 


Select drive 0 


18F 


15 


Ground 


18G 


16 


Motor enable 






drive 1 



The output wires 19A-19G are designated accordingly, ie 
19A in the output of the motor enable drive 0 from the PCB 
20. 

In all cases in the embodiments of the present invention 
set out herein the ground wires 18B, 18D and 18F, and 19B, 
19D and 19F are allowed to pass unhindered through the 
security device 2. The ground wires 18B, 18D and 18F, and 
19B, 19D and 19F are only intercepted in the first place 
for the convenience of not having to separate off the other 
wires 18A, 18C, 18E and 18G, and 19A, 19C, 19E and 19G. 
Therefore, the only inputs to PCB 20 that need to be 
considered in detail are those of wires 18A, 18C, 18E and 
18G. The only outputs of relevance are 19A, 19C, 19E and 
19G which are designated accordingly which are, 
respectively, the motor enable drive 0, select drive 1, 
select drive 0 and motor enable drive 1 as set out in 



Table 1 above* 

For a PC having a single floppy disc drive 0 the 
switching means 26 enables the security device 2 to be in a 
"locked" or an "unlocked" state- The "locked" state is one 
in which access to drive 0 for boot up purposes is 
disabled. The "unlocked" state is one in which access to 
drive 0 for boot up purposes is enabled. 

In the locked state the configuration (location of 
jumpers 32, 34 and state of switching means 26) of the 
circuit is such that the connections between the input 
wires 18A-G and output wires 19A-19G is as follows, with 
"X" indicating that a line is broken (ie has no output). 
Table 2 - Single drive locked 



Input 

18A - motor enable drive 0 
18C - select drive 1 

18E - select drive 0 

18G - motor enable drive 1 



In the single drive's unlocked 
connections between the input wires 
wires 19A-19G are as follows: 

Table 3 - Single drive unlocked 



Output 
X 

19E - select 
drive 0 
19 E - select 
drive 0 
19 A - motor 
enable drive 0 
configuration the 
18A-18G and output 



Input 

18A - motor enable drive 0 
18C - select drive 1 
18E - select drive 0 



Output 
19A - motor 
enable drive 0 
19E - select 
drive 0 
19 E - select 
drive 0 

18G - motor enable drive 1 X 

In the locked configuration of Table 2 drive 0 is 
disabled because the wire 18A (motor enable drive 0) is 
broken. Thus, when the PC 4 is switched on it will attempt 
to select and enable drive 0, receive no response because 
the wire 18A (motor enable drive 0) is broken and so boot 



8. 

up from the hard disc regardless of whether a disc is 
present in drive 0. 

In addition, the wires 18A-18G and 19A-10G are so 
configured that if drive 1 is addressed (note that there is 
no physical drive 1 in this system), the signal is routed 
to drive 0. Thus, in order to use drive 0 for purposes 
other than booting up, the user merely needs to address 
drive 1 using the usual notation. Note that the PC system 
architecture is such that although a single floppy disc 
drive system only has a physical drive 0, it can still 
handle signals to drive 1 without automatic errors because 
the relevant wiring is still present. 

In order to simplify this procedure, software is provided 
with the security device so that once the boot up has been 
carried out and the software loaded, reference to drive 0 
will automatically use the enable and select signals for 
drive 1 (which are subsequently rerouted to drive 0 by the 
security device 2). Software to achieve this can easily be 
produced by a person skilled in the art for any of the 
available operating systems currently available on PC's (eg 
Unix, Xenix, 0S2, DRDOS or Novell). In the MSDOS operating 
system of PC 4 of the present example the internal table 
instructing the PC 4 which physical drive relates to which 
letter (A or B) when entered by a user, is amended. The 
effect at the amendment is that when a user enters "A:" 
(which the PC normally relates to drive 0) the PC relates 
this to drive 1. The command ,, B: ,t is also related to 
drive 1. 

The software referred to above can also include a 
standard user /password system to govern usage of the PC. 

The overall effect of this system is that a user cannot 
boot up the PC from drive 0. The PC will automatically 
boot from the hard disc thus enabling any security software 
to be loaded as desired and not bypassed. However, after 
boot up, the user can make use of the PC 4 in the usual way 
since references to drive 0 will, because of the software 
referred to above, operate drive 0 even though the control 
lines to drive 0 are interrupted. 





In the single drive unlocked configuration (Table 3) 
inputs 18A (motor enable drive 0) and 18E (select drive 0) 
are output to their normal outputs 19A and 19E respectively 
so the floppy disc. drive works exactly as normal. 

The case of a twin floppy disc drive system is more 
complex because the system has a physical drive 1. 

For a two drive system the locked and unlocked 
configurations are as follows: 

Table 4 - Twin Drive Locked 
Input OutEut 
18A - motor enable drive 0 X 
18C - select drive 1 19C - select 

drive 1 

18E - select drive 0 19E - select 

drive 0 

18G - motor enable drive 1 19G - motor 

enable drive 1 
Table 5 - Twin Drive Unlocked 

input Output 

18A - motor enable drive 0 19 A - motor 

enable drive 0 

18C - select drive 1 19C - select 

drive 1 

18E - select drive 0 19E - select 

drive 0 

18G - motor enable drive 1 19G - motor 

enable drive 1 

As for the single disc drive in its locked configuration 
(Table 2 above ), this twin drive configuration disables 
access to the drive 0 by breaking the line 18A motor enable 
drive 0. However,, drive 1 is operational in the usual way 
(the control lines 18C/19C - select drive 1 - and 18G/19G. 
- motor enable drive 1 are neither broken nor diverted). 
Therefore, when the PC 4 is first switched on it asserts 
drive 0, receives no response and boots from the hard disc* 
Subsequently, drive 0 remains locked, but drive 1 can be 
used as normal. A label on the PC, or a screen signal can 
be used to alert the user to the fact that they need to 
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insert their discs into drive 1 (what they will recognise 
as drive B) and address that drive. 

In the twin drive unlocked state (Table 5 above), all of 
the wires 18A-18G and 19A-19G remain connected as normal 
thus allowing full access to the twin drives. 

It is also possible to disable all of the floppy disc 
drives when locked using the following input/output 
configuration. 

Table 6 - All Locked 
Input Output 
18A - motor enable drive 0 X 
18C - select drive 1 19E - select 

drive 0 

18E - select drive 0 19 E - select 

drive 0 

18G - motor enable drive 1 X 

Thus the motor enable wires 18A and 18G. for drive 0 and 
drive 1 are broken so neither drive can be used. This 
effectively bars the floppy disc drives from use. 
The unlocked configuration is as follows: 
Table 7 - All Unlocked 
Input Output 
18 A - motor enable drive 0 18A-motor enable 

drive 0 

18C - select drive 1 18E - select 

drive 0 

18E - select drive 0 18E - select 

drive 0 

18G - motor enable drive 1 X 

Because line 18G (motor enable drive 1) is broken in both 
the all locked (Table 6) and all unlocked (Table 7) 
configurations , drive 1 will not work even when "unlocked". 
Only drive 0 is available. This limitation has been 
accepted to keep components to a minimum in this embodiment 
of the present invention, but ideally the configuration 
would be as shown in Table 5. 

Referring to Figure 3, the connections of the PCB 20 are 
shown schematically. As mentioned above, the six states of 
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the security device (single drive locked, single drive 
unlocked, double drive locked, double drive unlocked, all 
drives locked and all drives unlocked) are determined by 
the positions of the jumpers 32, 34 on the terminals 30A- 
30F and of the switching means 26 in relation to 
terminals 27A-27F. The jumpers 32, 34 determine whether 
the state of the device 2 is set for a single drive, a 
double drive or both drives disabled. The switching 
means 26 enables the system to be changed between its 
locked and unlocked states, thereby giving the user maximum 
flexibility in enabling or disabling use of drive 0 for 
boot up. 

The hard wiring of the PCB 20 is as follows: 

18A - 27A 
18B - 19B 
18C - 30B 
18D - 19D 
18E - 19E 
18F - 19F 
18G - 30E 
19A - 27E 
19C - 30C 
19E - 30A 
19G - 30F 
27D - 30D 
27C - 27E 

The configurations of the security device for the five 
states referred to above are as set out in Table 8 below. 

Table 8 - Configurations 



Jumper 32 

30A/30B 

30A/30B 
30B/30C 
30B/30C 



Jumper 34 

30D/30E 

30D/30E 
30E/30F 
30E/30F 



Switch Position 
27A-27B/27D-27E 

27A-27C/27D-27F 

27A-27B/27D-27E 

27A-27C/27D-27F 



State 
Single Drive 
Locked 

Single Drive 
Unlocked 
Double Drive 
Locked 

Double Drive 
Unlocked 
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30A/30B Removed 27A-27B/27D-27E All locked 

30A/30B Removed 27A-27C/27D-27F Unlocked 

It will be clear to a person skilled in the art that the 
present invention can be used to prevent the use of a hard 
disc drive as well as that of a floppy disc drive. 
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CLAIMS 



I A security device for a PC, the security device 
comprising means for insertion in-line between a disc 
controller and a disc drive and means to disable the disc 
drive. 

5 2 A security device according to claim 1, in which the 
disc drive is disabled only during the boot process. 

3 A security device according to claim 1 or 2, in which 
the disc drive is a hard disc drive. 

4 A security device according to claim 1 or 2, in which 
10 the disc drive is a floppy disc drive. 

5 A security device according to claim 4, in which the 
disc drive is the drive 0 so that an unauthorised boot up 
cannot be carried out but the hard disc drive can be used* 

6 A security device according to any one of the preceding 
15 claims, also comprising means to switch the disc drive from 

its disable to an enabled state in which access to the disc 
drive is permitted for the boot up process. 

7 A security device according to claim 6, in which the 
switching means comprises a lock means. 

20 8 A security device according to any one of the preceding 
claims, also comprising means to enable the drive to which 
access is disabled to be changed to provide maximum 
flexibility. 

9 A security device according to any one of the preceding 
25 claims, in which the means to disable the disc drive 

comprises a break in the motor enable drive 0 wire. 

10 A security device according to claim 8, in which the 
drive 1 can still be used when the disc drive is disabled. 

II A security device according to any one of the preceding 
30 claims, in which the PC is supplied with software so that 

the drive 1 can be addressed as drive 0. 

12 A security device according to any one of the preceding 
claims, in which the security device is located in a cable 
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between the disc controller and the disc drive. 

13 A security device according to claim 12 , which includes 
connectors to enable it to be connected to the disc 
controller and the disc drive. 

5 14 A security device according to any one of the preceding 
claims for use in a single floppy disc drive system, in 
which, the disabling means preferably comprises the 
breaking of a control line to drive 0 and the rerouting to 
drive 0 control of lines normally going to drive 1. 

10 15 A security device according to any one of claims 1 to 

14 for use in a double floppy disc drive system, in which, 
the disabling means preferably comprises the breaking of a 
control line to drive 0 and the maintenance of control 
lines to drive 1. 

15 16 A PC including a security device according to any one 
of the preceding claims. 

17 A kit including a security device according to any one 
of claims 1 to 15 and program storage means which can be 
used to load software on to the PC to allow the disabled 

20 drive to be addressed. 

18 A security device for a PC arranged substantially as 
herein described, with reference to, and as illustrated in 
Figures 2 and 3 of the accompanying drawings. 

19 A PC arranged substantially as herein described, with 
25 reference to, and as illustrated in Figures 1 to 3 of the 

accompanying drawings. 
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